Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.0
CVE Id: CVE-2006-2900
Last Modified: 11 Oct 2011 12:00:00
Published: 07 Jun 2006 12:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2006-2900

Summary

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp JavaScript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

Vulnerable Systems

Application

  • Microsoft IE 5.01

  • Microsoft IE 6


References

VUPEN - ADV-2006-2161

BID - 18308

SREASON - 1059

SECUNIA - 20449

FULLDISC - 20060605 file upload widgets in IE and Firefox have issues


Last Updated: 27 May 2016 10:42:48